DO NOT REPLY [Bug 22679] - how to access ssl session ID out of tomcat to prevent session hijacking

<bugzilla <at> apache.org>
2004-11-01 07:07:41 GMT

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=22679>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=22679
how to access ssl session ID out of tomcat to prevent session hijacking
------- Additional Comments From hauser <at> acm.org 2004-11-01 07:07 -------
thx, seems to work!
Had troubles finding the doc pages in CVS to provide the promised diff patch

DO NOT REPLY [Bug 32002] New: - null page in deploy

<bugzilla <at> apache.org>
2004-11-01 09:07:24 GMT

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32002>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=32002
null page in deploy
Summary: null page in deploy
Product: Tomcat 5
Version: 5.0.28
Platform: Other
OS/Version: Windows NT/2K
Status: NEW
Severity: Minor
Priority: Other
Component: Webapps:Manager
AssignedTo: tomcat-dev <at> jakarta.apache.org
ReportedBy: thastius <at> wp.pl
When I didnt placed any path inside "WAR file to deploy" and started to
deploying it forwards me to "null" page (blank). I think it would be better to
check that option and generate approperiate info. I now this is trivial.. but
Tomcat should run best:)

tomcat 5.5.4 does not start when a single webapp fails

dear tomcat-developers,
i installed the latest tomcat-5.5.4.
when i try to start a webapp that runs without problems
on tomcat 5.5.3, i get the following error:
----------------
> INFO: Starting Servlet Engine: Apache Tomcat/5.5.4
> Nov 1, 2004 10:24:46 AM org.apache.catalina.core.StandardHost start
> INFO: XML validation disabled
> - Initializing log4j with '/path/to/webapp/WEB-INF/log/log4j.mescalin.xml'.
> Nov 1, 2004 10:24:50 AM org.apache.catalina.core.StandardPipeline registerValve
> INFO: Can't register valve ErrorReportValve[localhost]
> javax.xml.parsers.FactoryConfigurationError: Provider
org.apache.xerces.jaxp.DocumentBuilderFactoryImpl could not be instantiated: java.lang.NullPointerException
> at javax.xml.parsers.DocumentBuilderFactory.newInstance(DocumentBuilderFactory.java:104)
> at org.apache.commons.modeler.util.DomUtil.readXml(DomUtil.java:284)
> at org.apache.commons.modeler.modules.MbeansDescriptorsDOMSource.execute(MbeansDescriptorsDOMSource.java:130)
> at org.apache.commons.modeler.modules.MbeansDescriptorsDOMSource.loadDescriptors(MbeansDescriptorsDOMSource.java:120)
----------------
starting tomcat stops with this error, and tomcat will not
respond to any request, neither for the context that caused
the error, nor for other contexts like the default one.
the start procedure stops with the stack trace, there's no message
like "INFO: Server startup in .... ms"...
nmap shows the port 8080 to be open, but netstat does not
list the request made from the browser

RE: contrib directory

Garrison, Meg <meg.garrison <at> hp.com>
2004-11-01 12:02:58 GMT

Hi Leslie,
I'm also willing to maintain the HP OpenVMS scripts. Rather than create
a whole new project (tomcat-contrib) maybe it would be possible for the
Tomcat folks to grant us commit access to a single module/folder in
their CVS library (a contrib folder of some sort). Then they wouldn't
have to worry about committing our changes, etc.. If we misbehave and
don't follow their rules, then they have the option to "boot us out".
That's how the NetBeans project does it. For example, I have commit
powers in the core module, which is where the OpenVMS launcher lives,
but no other. Our needs for NetBeans (as yours, I'm sure) require that
the default Tomcat distribution contain our launcher somewhere...it
doesn't have to be in /bin.
Any other ideas?
Meg
-----Original Message-----
From: Leslie Kishalmi [mailto:lkishalmi_dev <at> freemail.hu]
Sent: Friday, October 29, 2004 5:29 PM
To: Shapira, Yoav
Cc: Tomcat Developers List; Garrison, Meg
Subject: Re: contrib directory
Dear all,
I'm willing to spend some of my limited free time to collect, organize
and maintain these contributed code.
However, it is very unlikely that I would be ever a committer on this

Re: tomcat 5.5.4 does not start when a single webapp fails

Remy Maucherat <remm <at> apache.org>
2004-11-01 12:29:09 GMT

Martin Grotzke wrote:
>hello,
>
>that was only half of the story.
>
>what i forgot to mention:
>the web.xml contains a listener-entry for a class, that
>initializes log4j with a specified log4j.xml (here
>"log4j.mescalin.xml").
>
>when i remove the entry for the listener in the web.xml,
>tomcat starts without any error...
>
>
Your listener might mess up JAXP's configuration: download the
compatibility package which includes Xerces with the regular package names.
Rémy

Re: tomcat 5.5.4 does not start when a single webapp fails

On Mon, 2004-11-01 at 13:26, Remy Maucherat wrote:
> Martin Grotzke wrote:
> >one problem is that the webapp does not start, but another problem
> >is that tomcat fails to start if one context is not starting correctly.
> >
> >
> >my system:
> >fedora core 2
> >sun jdk 1.5 (jpackage.org)
> >tomcat 5.5.4 alpha
> >log4j 1.2.7 (the same with 1.2.8)
> >
> >do you need some more information?
> >
> >
> >for now, i'll step back to tomcat 5.5.3.
> >
> >
> Your report is bogus, so step back all you want, but there won't be any fix.
what's bogus there?
i only wanted to let you know that there were changes from tc-5.5.3 to
5.5.4 that make the described error possible. if i've choses wrong words
for this, then i'm sorry about that.
if you think that the described behavior of tomcat is completely
right there's no problem, i can stay with 5.5.3...
regards,
martin
>

RE: contrib directory

Shapira, Yoav <Yoav.Shapira <at> mpi.com>
2004-11-01 13:52:50 GMT

Hi,
That actually gave me an idea: why not put it in the NetBeans repository
where you're already setup?
In Apache, there needs to be a long-demonstrated background of
contributions before getting commit privileges. We have different
processes in this area than NetBeans and some of the other open-source
collaborations.
Yoav Shapira http://www.yoavshapira.com
>-----Original Message-----
>From: Garrison, Meg [mailto:meg.garrison <at> hp.com]
>Sent: Monday, November 01, 2004 7:03 AM
>To: Tomcat Developers List
>Subject: RE: contrib directory
>
>Hi Leslie,
>
>I'm also willing to maintain the HP OpenVMS scripts. Rather than
create
>a whole new project (tomcat-contrib) maybe it would be possible for the
>Tomcat folks to grant us commit access to a single module/folder in
>their CVS library (a contrib folder of some sort). Then they wouldn't
>have to worry about committing our changes, etc.. If we misbehave and
>don't follow their rules, then they have the option to "boot us out".
>That's how the NetBeans project does it. For example, I have commit
>powers in the core module, which is where the OpenVMS launcher lives,
>but no other. Our needs for NetBeans (as yours, I'm sure) require that

Re: tomcat 5.5.4 does not start when a single webapp fails

Remy Maucherat <remm <at> apache.org>
2004-11-01 13:57:34 GMT

Martin Grotzke wrote:
>what's bogus there?
>
>
The report.
>i only wanted to let you know that there were changes from tc-5.5.3 to
>5.5.4 that make the described error possible. if i've choses wrong words
>for this, then i'm sorry about that.
>
>
There are no relevant changes between 5.5.3 and 5.5.4.
>if you think that the described behavior of tomcat is completely
>right there's no problem, i can stay with 5.5.3...
>
>
The report is invalid in bugzilla terms.
I am certain you're not using an out-of-the-box 5.5.3.
Rémy